A Cross Site Request Forgery (CSRF) flaw was found in the way the Aggregator module of Drupal, the content management system, performed retrieval of syndicated content from other websites. A remote attacker could provide a specially-crafted URL, which once visited by an unsuspecting Drupal user could lead to the Aggregator module to attempt to in unlimited way obtain feeds from remote websites, which in case the remote site enforced an upper bound / limit for count of feeds, which could be obtained during certain time interval, could lead to denial of service for the victim.
References:
[1] http://drupal.org/node/1425084